Hello everyone, this is Manon DURAND, health lawyer at Pharmaspecific. Today, we meet to talk about the General Data Protection Regulation (or GDPR), which is the reference text for personal data protection. The GDPR went into effect on May 25, 2018 in the EU member states. But it is not always very simple to apply. That’s why I’m here to help you today with the following question: when a company implements an anonymization process, does it have to apply the GDPR?
As a reminder, anonymization is a process that will prevent any re-identification of data. That is to say that when we set up an anonymization, it will be impossible, afterwards, to re-identify the data that we have anonymized. Anonymization differs from pseudonymization because, conversely, pseudonymization allows re-identification by coupling the pseudonymized data with other data. To be clearer, anonymization is a process that will render data irreversibly anonymous.
Anonymization – like pseudonymization – is a security measure, i.e., it protects personal data processed by a company.
But it is not sufficient to allow not to apply the other rules of the GDPR for two reasons. The first is that the GDPR applies in two cases: either when the company is established in a member state of the European Union, or when the company processes the data of European Union citizens.
The second reason is that the GDPR is not only a set of security measures, there are many other obligations that arise from the GDPR such as the establishment of processing registers, impact assessment, control of transfers outside the EU and a whole bunch of other measures that are put in place by this text.
In conclusion, anonymization is a way to ensure compliance with the GDPR, however, it is not enough to be GDPR compliant. It is necessary to implement all the other obligations that arise from the GDPR.
I hope you liked this video, if you did, please subscribe to the channel and like it. You will find in the information bar all the information concerning our services and in particular the monthly legal watch as well as the legal advice in clinical research. And we’ll see you soon for a new video.